This Terraform module creates identity roles on AWS.

This module creates the following resources:
- Identity and Access Management (IAM) roles and policies
- Identity roles created:
  - Admin Access
    - Policy attached: "arn:aws:iam::aws:policy/AdministratorAccess"
  - Data Scientist
    - Policy attached: "arn:aws:iam::aws:policy/job-function/DataScientist"
  - Database Admin
    - Policy attached: "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator"
  - Network Admin
    - Policy attached: "arn:aws:iam::aws:policy/job-function/NetworkAdministrator"
  - Power User Access
    - Policy attached: "arn:aws:iam::aws:policy/PowerUserAccess"
  - Security Audit
    - Policy attached: "arn:aws:iam::aws:policy/SecurityAudit"
  - Support User
    - Policy attached: "arn:aws:iam::aws:policy/job-function/SupportUser"
  - System Admin
    - Policy attached: "arn:aws:iam::aws:policy/job-function/SystemAdministrator"
  - View Only Access
    - Policy attached: "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"

In addition, you have the option to:
- Set an IAM account alias, or leave it unset
- Set the maximum CLI/API session duration
  - The default value is 43200

Name | Version |
---|---|
terraform | >= 0.12.0 |

Name | Version |
---|---|
aws | n/a |

Name | Description | Type | Default | Required |
---|---|---|---|---|
account_name | Account name (slug) | any | n/a | yes |
create_default_roles | Create default roles in the account | bool | true | no |
enable_iam_password_policy | Enable IAM password policy | bool | false | no |
extra_roles | A list of extra roles to create in this account | list | [] | no |
extra_roles_policy | A map of { <role_name> = } to create policies for extra roles in this account (role must be declared in extra_roles first) | map | {} | no |
extra_roles_policy_arn | A map of { <role_name> = } to attach policies to extra roles in this account (role must be declared in extra_roles first) | map | {} | no |
org_name | Name for this organization (slug) | any | n/a | yes |
role_max_session_duration | Maximum CLI/API session duration | string | "43200" | no |
saml_provider_name | Name of the SAML provider that the created roles trust | any | n/a | yes |
set_account_alias | Whether to set the IAM account alias | bool | true | no |

Name | Description |
---|---|
iam_role_admin_arn | AdministratorAccess IAM role ARN |
iam_role_data_scientist_arn | DataScientist IAM role ARN |
iam_role_database_admin_arn | DatabaseAdministrator IAM role ARN |
iam_role_extra_arns | n/a |
iam_role_network_admin_arn | NetworkAdministrator IAM role ARN |
iam_role_power_user_arn | PowerUserAccess IAM role ARN |
iam_role_security_audit_arn | SecurityAudit IAM role ARN |
iam_role_support_user_arn | SupportUser IAM role ARN |
iam_role_system_admin_arn | SystemAdministrator IAM role ARN |
iam_role_view_only_arn | ViewOnlyAccess IAM role ARN |
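
A sample call to this module, added here as an illustration and not taken from the module's own documentation. The `source` value is a placeholder, the names are constructed, and the shapes of `extra_roles` and `extra_roles_policy_arn` and the unit of `role_max_session_duration` (seconds) are assumptions.

```hcl
# Added example: module source and all values are placeholders or assumptions.
module "identity" {
  # Placeholder: the page does not give the module's source address.
  source = "REPLACE_WITH_MODULE_SOURCE"

  # Required inputs (constructed sample values).
  org_name           = "example-org"
  account_name       = "example-prod"
  saml_provider_name = "example-idp"

  create_default_roles = true
  set_account_alias    = true

  # Opt in to the IAM password policy; the module default is false.
  enable_iam_password_policy = true

  # Assumption: the value is in seconds, as for the AWS provider's
  # aws_iam_role max_session_duration. "3600" gives one hour instead of
  # the module default "43200".
  role_max_session_duration = "3600"

  # Assumption: extra_roles is a list of role names.
  extra_roles = ["ReadOnlyAuditor"]

  # Assumption: maps a role declared in extra_roles to a managed policy ARN
  # (the page elides the value side of this map).
  extra_roles_policy_arn = {
    ReadOnlyAuditor = "arn:aws:iam::aws:policy/SecurityAudit"
  }
}

# Expose role ARNs for the identity provider's role mapping.
output "security_audit_role_arn" {
  value = module.identity.iam_role_security_audit_arn
}

output "extra_role_arns" {
  value = module.identity.iam_role_extra_arns
}
```
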
Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.